[OpenAFS] Ldap & AFS

Leif Johansson leifj@it.su.se
Fri, 11 Oct 2002 13:15:22 +0200


Judy Warren wrote:
> What about the other way around -- has anyone done anything (or know of
> anyone who has done anything) to get AFS to query LDAP for user
> authentication? Kind of an LDAP substitute for a kas/Kerberos server...
> and maybe also a substitute for a pts server.
>

I thought about this and it was discussed at the LISA 2002 AFS workshop
but the consensus seems to be that although it would not be extremely
difficult to modify pts (I was looking at milko pts btw) most people
would be able to do what they need to do (usually some kind of account
synchronization) if pts allowed for storing some kind of extra metadata
along with the principal. For instance if you could stick the LDAP dn
in the pts record indicating both that the entry has been synchronized
with the directory and also indicating the equivalence. Maybe you need
some kind of timestamp-thingy as well.

	leifj